Hiding db login in php (.htaccess question?)

Sharksfan

May 28, 2009
So I've got a script, "index.php", and it works fine.

In the script I have this line since I don't want my db info in the php script:

Code:
//MySQL Database Connect
include 'conn.inc';

The include works fine - the script connects to the db and pulls back what I want.

The conn.inc file just includes this:

Code:
<?php
// Connects to our database
$username = "my_db_uid";
$password = "my_pwd";
$database = "my_db_name";
// The host name must be a quoted string, not a bare word
mysql_connect("localhost", $username, $password);
mysql_select_db($database) or die(mysql_error());
?>

Of course I don't want anyone to be able to read the conn.inc file so I have this in the .htaccess file:

Code:
<Files ~ "^.*\.inc$">
Order allow,deny
Deny from all
</Files>

Here's the weird part - to test this I put hxxp://myurl/conn.inc into a browser and I expected to get an error/forbidden message.

Instead I get the exact same results as if I'd put the index.php file into my browser.

I cleared the cache, etc., of course, and checked the file contents.

Help?
 


I'd say you can just name it conn.php.
If your server is properly configured, the content between <?php and ?> won't be displayed unless you echo/print it.

If I'm not wrong, this happens because php is registered as the usual PHP file extension, so the server knows it's something to be executed server side and not downloaded. Instead, I suppose that a server that is not properly configured could push a .inc file as a downloadable file.

That said, I could be totally wrong, as I am not a server admin...
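Added example, not code from either poster: a static audit that walks a document root, finds files holding PHP source under an extension the interpreter does not handle (the `conn.inc` case above), and reports whether a deny-all `<Files ~>` or `<FilesMatch>` block in an `.htaccess` at or above that directory matches the file name. The function names and sample tree are hypothetical; it assumes only `.php` is executed, uses Python's `re` as an approximation of Apache's regex engine, treats any block containing a deny-all line as denying, and cannot tell whether the server actually honors `.htaccess` files.

```python
import os
import re
import tempfile

PHP_HANDLED = (".php",)  # assumption: only .php is passed to the interpreter
# <Files ~ "regex"> or <FilesMatch "regex"> blocks; captures regex and body.
BLOCK = re.compile(r'<Files(?:Match\s+|\s+~\s*)"([^"]+)">(.*?)</Files(?:Match)?>',
                   re.I | re.S)
DENY = re.compile(r"^\s*(Deny\s+from\s+all|Require\s+all\s+denied)\s*$", re.I | re.M)

def deny_patterns(directory):
    """Regexes of blocks in directory/.htaccess that contain a deny-all line."""
    path = os.path.join(directory, ".htaccess")
    if not os.path.isfile(path):
        return []
    with open(path, encoding="utf-8", errors="replace") as fh:
        return [re.compile(rx) for rx, body in BLOCK.findall(fh.read())
                if DENY.search(body)]

def audit_docroot(root):
    """Map each non-.php file holding PHP source to 'denied' or 'exposed'."""
    root, inherited, report = os.path.abspath(root), {}, {}
    for cur, _dirs, files in os.walk(root):  # top-down: parent rules come first
        rules = inherited.get(os.path.dirname(cur), []) + deny_patterns(cur)
        inherited[cur] = rules  # .htaccess rules also cover subdirectories
        for name in files:
            if name == ".htaccess" or name.lower().endswith(PHP_HANDLED):
                continue
            full = os.path.join(cur, name)
            with open(full, "rb") as fh:
                if b"<?php" not in fh.read():
                    continue
            hit = any(rx.search(name) for rx in rules)  # matched on bare file name
            report[os.path.relpath(full, root)] = "denied" if hit else "exposed"
    return report

def build_sample(root):
    """Constructed sample tree: the thread's rule plus an editor backup copy."""
    os.makedirs(os.path.join(root, "lib"))
    files = {".htaccess": '<Files ~ "^.*\\.inc$">\nOrder allow,deny\nDeny from all\n</Files>\n',
             "index.php": "<?php include 'conn.inc'; ?>", "conn.inc": "<?php $password='x'; ?>",
             "conn.inc.bak": "<?php $password='x'; ?>", os.path.join("lib", "db.inc"): "<?php ?>"}
    for rel, text in files.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit_docroot(tmp))
```

In the constructed tree the `^.*\.inc$` rule covers `conn.inc` and `lib/db.inc`, but a backup copy named `conn.inc.bak` falls outside the pattern and is reported as exposed.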